Talk and actions are two very different things. In the digital world, there are few topics that are more important than security, data protection and compliance. They are not something you want to brag about unless you really do what it takes.
Sinch Email on Acid is proud to announce that we have taken steps to reinforce and demonstrate our commitment to providing customers with a secure platform focused on data protection, including GDPR compliance.
How did we do it? Great question. The steps include industry audits and international certifications that evaluate our security programs, processes and preparedness:
- ISO 27001 and ISO 27701
- SOC 2 Type I audit
No matter who you work with, these certifications and audits are a sign of a technology partner you can trust. To explain exactly why this is the case, let's take a closer look at what goes into becoming certified and passing security and compliance audits.
What is ISO 27001?
There's a good chance you've heard of ISO standards before. The International Standards Organization is a global non-governmental organization that defines, develops and publishes all types of standards.
This could include sustainability standards such as net zero emissions. A fairly well-known standard is ISO 9001, which certifies quality management processes.
ISO 27001 focuses on information security standards. We sought and achieved this certification because it demonstrates competence and indicates that a reliable information security program is in place. More specifically, ISO 27001 certifies the following:
- Customers are protected and informed through confidentiality, integrity and the availability of attack data.
- That our program is aligned with more than 140 controls to identify, investigate and respond to potential security incidents.
- That annual risk assessments are carried out to ensure threats are managed properly.
To achieve ISO 27001 certification, independent auditors test our information security program against all of these controls. This means we need to clearly identify risks, set clear objectives for what needs to be achieved with information security, and define the safeguards and risk mitigation measures to manage the risks.
Additionally, ISO 27001 requires that we demonstrate how we regularly measure our information security controls and that we continually work to improve security.
What is ISO 27701?
ISO 27701 is in the same certification family as ISO 27001. The main difference is that an ISO 27701 certification adds data protection to information security. An important reason for this is the evaluation of controls related to the European Union's General Data Protection Regulation (GDPR).
Although ISO 27701 is not a literal GDPR certification, it shows that Email on Acid and Mailgun Optimize have a data protection program that meets similar requirements to the regulation, and that we are continually working to improve data protection.
Data protection is crucial in the email world. As a customer or user, you not only want your Personally Identifiable Information (PII) to be protected, but you also need to protect the data of your customers and subscribers. This also includes their email addresses.
Dan Ross leads the team responsible for much of this and works directly with the auditors. He understands why the GDPR plays such a big role for email senders.
“The GDPR is considered by most to be the most comprehensive data protection law in the world. Our products adhere to this data protection law and, combined with our ISO 27701, our privacy policy and our data processing agreement, our customers can be assured that their data will be treated appropriately.”
~ Dan Ross, Senior Manager, Governance, Risk and Compliance (GRC)
Even though GDPR only applies to the personal data of EU residents, all Sinch Email brands treat data the same. This means everyone is protected, and it helps prepare our platforms and our customers for future legislation, such as the proposed American Data Privacy and Protection Act (ADPPA).
ISO 27701 certification is important because as an email sender you need to find GDPR-compliant technology partners. That's the evidence.
What is a SOC 2 Type I Audit?
The word “audit” never really sounds fun, does it? Dan Ross can confirm that the testing of our brands is very intensive and takes some very long days.
A SOC 2 Type I audit takes place annually. It is a strictly regulated audit, the result of which is a report that provides a professional opinion on the effectiveness of around 400 controls. (That's a lot.) With SOC 2 Type I, auditors thoroughly test these operational, security, availability, and confidentiality controls at a specific point in time.
There is also a SOC 2 Type II report which follows the same controls but is done over a 12 month period rather than at a specific point in time. Our sister brands Mailgun and Mailjet have already passed the SOC 2 Type II audit. In 2023 we are working to achieve this for all Sinch Email products, including Email on Acid and Mailgun Optimize.
During a SOC 2 audit, the independent auditors check, among other things, whether we have offered our employees cybersecurity training. They also check whether we test product code changes for security vulnerabilities before pushing them live to our platforms.
What does this all mean for you?
Cybersecurity and data protection compliance can be complicated and, frankly, a little scary. We track and provide these reports and certifications because we want our customers to have peace of mind.
When you work with Email on Acid, Mailgun Optimize, or any of Sinch's email solutions, you can rest easy knowing you can trust us. We don't just tell customers and prospects that we are safe and compliant. We have our programs tested so you can be sure we mean what we say.
If you would like to learn more about our ISO certifications or the results of our SOC 2 Type I audit, you can request and download documentation from the Mailgun Security Portal. There you will find a wealth of information that may be particularly helpful to those evaluating us as a potential technology partner.
Learn more about email security
Want to learn more about cybersecurity and email? Our friends and colleagues at Sinch Mailgun have published a comprehensive guide that you can download for free. You will discover:
- How the email threat landscape is constantly changing and how it impacts your business.
- Advice on complying with data protection regulations such as GDPR, HIPAA and CCPA.
- Why email authentication is critical to protecting your subscribers and your brand.
- Guide to selecting technology partners that take security and privacy seriously.
Visit Mailgun.com and get your copy of Mailgun's Guide to Email Security and Compliance.
Author: The Email on Acid Team
Email on Acid's content team is made up of digital marketers, content creators, and real email geeks. Connect with us on LinkedIn, follow us on Facebook, and tweet @EmailonAcid on Twitter for more great email marketing news and great convos.